More Web Proxy on the site http://driver.im/

research-article

Detection and Forensics against Stealthy Data Falsification in Smart Metering Infrastructure

Authors:

Shameek Bhattacharjee,

Sajal K. DasAuthors Info & Claims

IEEE Transactions on Dependable and Secure Computing, Volume 18, Issue 1

Pages 356 - 371

https://doi.org/10.1109/TDSC.2018.2889729

Published: 01 January 2021 Publication History

Abstract

False power consumption data injected from compromised smart meters in Advanced Metering Infrastructure (AMI) of smart grids is a threat that negatively affects both customers and utilities. In particular, organized and stealthy adversaries can launch various types of data falsification attacks from multiple meters using smart or persistent strategies. In this paper, we propose a real time, two tier attack detection scheme to detect orchestrated data falsification under a sophisticated threat model in decentralized micro-grids. The first detection tier monitors whether the <italic>Harmonic to Arithmetic Mean Ratio</italic> of aggregated daily power consumption data is outside a normal range known as <italic>safe margin</italic>. To confirm whether discrepancies in the first detection tier is indeed an attack, the second detection tier monitors the <italic>sum of the residuals</italic> (difference) between the proposed ratio metric and the safe margin over a frame of multiple days. If the sum of residuals is beyond a <italic>standard limit</italic> range, the presence of a data falsification attack is confirmed. Both the ‘safe margins’ and the ‘standard limits’ are designed through a ‘system identification phase’, where the signature of proposed metrics under normal conditions are studied using real AMI micro-grid data sets from two different countries over multiple years. Subsequently, we show how the proposed metrics trigger unique signatures under various attacks which aids in <italic>attack reconstruction</italic> and also limit the impact of persistent attacks. Unlike metrics such as CUSUM or EWMA, the stability of the proposed metrics under normal conditions allows successful real time detection of various stealthy attacks with ultra-low false alarms.

References

[1]

S. Axelsson, “The base-rate fallacy and the difficulty of intrusion detection,” ACM Trans. Inf. Syst. Secur., vol. 3, no. 3, pp. 186–2015, Aug. 2000.

Digital Library

[2]

S. Bhattacharjee, A. Thakur, S. Silvestri, and S. K. Das, “Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure,” in Proc. 7th ACM Conf. Data Appl. Secur. Privacy, 2017, pp. 35–45.

[3]

A. Cardenas, R. Berthier, R. Bobba, J. Huh, J. Jetcheva, D. Grochocki, and W. Sanders, “A framework for evaluating intrusion detection architectures in advanced metering infrastructures,” IEEE Trans. Smart Grid, vol. 5, no. 2, pp. 906–915, Mar. 2014.

[4]

T. Chan, G. Golub, and R. LeVeque, “Algorithms for computing the sample variance: Analysis and recommendations,” The Amer. Statistician, vol. 37, no. 3, pp. 242–247, 1983.

[5]

S.-C. Huang, Y.-L. Lo, and C.-N. Lu, “Non-technical loss detection using state estimation and analysis of variance,” IEEE Trans. Power Syst., vol. 28, no. 3, pp. 2959–2966, Aug. 2013.

[6]

R. Jiang, R. Lu, Y. Wang, J. Luo, C. Shen, and X. Shen, “Energy-Theft detection issues for advanced metering infrastructure in smart grids,” Tsinghua Sci. Technol., vol. 19, no. 2, pp. 105–120, Apr. 2014.

[7]

A, Jindal, A. Dua, K. Kaur, M. Singh, N. Kumar, and S. Mishra, “Decision tree and SVM-based data analytics for theft detection in smart grid,” IEEE Trans. Ind. Informat., vol. 12, no. 3, pp. 1005–1016, Jun. 2016.

[8]

P. Jokar, N. Arianpoo, and V. Leung, “Electricity theft detection in AMI using customers’ consumption patterns,” IEEE Trans. Smart Grid, vol. 7, no. 1, pp. 216–226, Jan. 2016.

[9]

T. Koppel, Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath. New York, NY, USA: Crown Publishers, 2015.

[10]

C.-H. Lo and N. Ansari, “CONSUMER: A novel hybrid intrusion detection system for distribution networks in smart grid,” IEEE Trans. Emerging Top. Comput., vol. 1, no. 1, pp. 33–44, Jun. 2013.

[11]

R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, “EPPA: An efficient and privacy-preserving aggregation scheme for secure smart grid communications,” IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 9, pp. 1621–1631, Sep. 2012.

Digital Library

[12]

S. McLaughlin, D. Podkuiko, and P. McDaniel, “Energy theft in the advanced metering infrastructure,” in Proc. Int. Workshop Critical Inf. Infrastructures Secur., Sep. 2009, pp. 176–187.

[13]

S. McLaughlin, B. Holbert, S. Zonouz, and R. Berthier, “AMIDS: A multi-sensor energy theft detection framework for advanced metering infrastructures,” in Proc. IEEE 3rd Int. Conf. Smart Grid Commun., Nov. 2012, pp. 354–359.

[14]

J. Nagi, K. Yap, S. Tiong, S. Ahmed, and M. Mohamad, “Nontechnical loss detection for metered customers in power utility using support vector machines,” IEEE Trans. Power Del., vol. 25, no. 2, pp. 1162–1172, Apr. 2010.

[15]

D. Mashima and A. A Cardenas, “Evaluating electricity theft detectors in smart grid networks,” in Proc. Springer Int. Workshop Recent Advances Intrusion Detection, Sep. 2012, pp. 210–229.

[16]

B. Meyer, “Some inequalities for elementary mean values,” AMS Math. Comput., vol. 42, no. 165, pp. 193–194, 1984.

[17]

M. Tariq and H. V. Poor, “Electricity theft detection and localization in grid-tied microgrids,” IEEE Trans. Smart Grid, vol. 9, no. 3, pp. 1920–1929, May 2018.

[18]

S. H. Tung, “On lower and upper bounds of the difference between the arithmetic and the geometric mean,” AMS Math. Comput., vol. 29, no. 131, pp. 834–836, 1975.

[19]

R. Mohassel, A. Fung, F. Mohammadi, and K. Raahemifar, “A survey on advanced metering infrastructure,” Elsevier J. Electr. Power Energy Syst., vol. 63, pp. 473–484, Dec. 2014.

[20]

A. Rad and A. L. Garcia, “Distributed internet-based load altering attacks against smart power grids,” IEEE Trans. Smart Grids, vol. 2, no. 4, pp. 667–674, Dec. 2011.

[21]

R. Sevlian and R. Rajagopal, “Value of aggregation in smart grids,” in Proc. IEEE Int. Conf. Smart Grid Commun., Oct. 2013, pp. 714–719.

[22]

Y. L. Sun, W. Yu, Z. Han, and K. J. Ray Liu, “Information theoretic framework of trust model and evaluation for ad hoc networks,” IEEE J. Sel. Areas Commun., vol. 24, no. 2, pp. 305–317, Feb. 2006.

Digital Library

[23]

D. Urbina, J. Giraldo, A. Cardenas, N. Tippenhauer, J. Valente, M. Faisal, J. Ruths, R. Candell, and H. Sandberg, “Limiting the impact of stealthy attacks on industrial control systems,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., 2016, pp. 1092–1105.

[24]

W. Wang and Z. Lu, “Cyber security in smart grid: Survey and challenges,” Comput. Netw., vol. 57, no. 5, pp. 1344–1371, Apr. 2013.

[25]

E. Werley, S. Angelos, O. Saavedra, O. Cortes, and A. Souza, “Detection and identification of abnormalities in customer consumptions in power distribution systems,” IEEE Trans. Power Del., vol. 26, no. 4, pp. 2436–2442, Oct. 2011.

[26]

J. Xia and Y. Wang, “Secure key distribution for the smart grid,” IEEE Trans. Smart Grid, vol. 3, no. 3, pp. 1437–1443, Sep. 2012.

[27]

W. Yu, D. Griffith, L. Ge, S. Bhattarai, and N. Golmie, “An integrated detection system against false data injection attacks in the smart grid, Secur. Commun. Netw., vol. 8, no. 2, pp. 91–109, Jan.2015.

Digital Library

[28]

Telegraph news, Mar.2017. [Online]. Available: http://www.telegraph.co.uk/news/2017/03/06/smart-energy-meters-giving-readings-seven-times-high-study-finds/

[29]

Krebs on security, Apr.2012. [Online]. Available: http://krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/

[30]

EPRI product abstract, Jun.2017. [Online]. Available: https://www.epri.com/#/pages/product/000000000001026553/

[31]

NY times, Dec.2009. [Online]. Available: http://www.nytimes.com/2009/12/14/us/14meters.html?ref=energy-environment&_r=0

[32]

Maxim integrated, Feb.2013. [Online]. Available: https://www.maximintegrated.com/content/dam/files/design/technical-documents/white-papers/smart-grid-security-recent-history-demonstrates.pdf

[33]

Our energy policy, Jul.2010. [Online]. Available: https://www.smartgrid.gov/files/The_Smart_Grid_Promise_DemandSide_Management_201003.pdf

[34]

Pecan street project, Dec.2018. [Online]. Available: https://www.pecanstreet.org/

[35]

Energy.Gov, Dec.2008. [Online]. Available: http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/14-AMI_System_Security_Requirements_updated.pdf

[36]

Irish social science data archives, Dec.2018. [Online]. Available: http://www.ucd.ie/issda/data/

[37]

Echelon, Dec.2014. [Online]. Available: http://www.echelon.com/assets/blt21a75c85e69387d5/DCN-3000-Series-Distributed-Control-Node-datasheet.pdf

Cited By

Maliha MBhattacharjee SVilela JSchulmann HLi N(2024)A Unified Time Series Analytics based Intrusion Detection Framework for CAN BUS AttacksProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653249(19-30)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653249
Islam MTalusan JBhattacharjee STiausas FDubey AYasumoto KDas S(2023)Scalable Pythagorean Mean-based Incident Detection in Smart Transportation SystemsACM Transactions on Cyber-Physical Systems10.1145/36033818:2(1-25)Online publication date: 5-Jun-2023
https://dl.acm.org/doi/10.1145/3603381
Bhattacharjee SDas S(2023)Building a Unified Data Falsification Threat Landscape for Internet of Things/Cyberphysical Systems ApplicationsComputer10.1109/MC.2022.319859956:3(20-31)Online publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1109/MC.2022.3198599
Show More Cited By

Index Terms

Detection and Forensics against Stealthy Data Falsification in Smart Metering Infrastructure
1. Security and privacy

Index terms have been assigned to the content through auto-classification.

Recommendations

Statistical Security Incident Forensics against Data Falsification in Smart Grid Advanced Metering Infrastructure
CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy

Compromised smart meters reporting false power consumption data in Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid's operations. Most existing works only deal with electricity theft from customers. However, several ...
Identifying Malicious Metering Data in Advanced Metering Infrastructure
SOSE '14: Proceedings of the 2014 IEEE 8th International Symposium on Service Oriented System Engineering

Advanced Metering Infrastructure (AMI) has evolved to measure and control energy usage in communicating through metering devices. However, the development of the AMI network brings with it security issues, including the increasingly serious risk of ...
A framework for intrusion detection system in advanced metering infrastructure

Advanced metering infrastructure AMI is one of the key elements in smart grid, which facilitates the communication of metering data to a substation in one direction and control messages in the reverse direction. Using wireless technologies and ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE Transactions on Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing Volume 18, Issue 1

Jan.-Feb. 2021

504 pages

ISSN:1545-5971

Issue’s Table of Contents

1545-5971 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.

Publisher

IEEE Computer Society Press

Washington, DC, United States

Publication History

Published: 01 January 2021

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Maliha MBhattacharjee SVilela JSchulmann HLi N(2024)A Unified Time Series Analytics based Intrusion Detection Framework for CAN BUS AttacksProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653249(19-30)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653249
Islam MTalusan JBhattacharjee STiausas FDubey AYasumoto KDas S(2023)Scalable Pythagorean Mean-based Incident Detection in Smart Transportation SystemsACM Transactions on Cyber-Physical Systems10.1145/36033818:2(1-25)Online publication date: 5-Jun-2023
https://dl.acm.org/doi/10.1145/3603381
Bhattacharjee SDas S(2023)Building a Unified Data Falsification Threat Landscape for Internet of Things/Cyberphysical Systems ApplicationsComputer10.1109/MC.2022.319859956:3(20-31)Online publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1109/MC.2022.3198599
Bhattacharjee SIslam MAbedzadeh SCardenas AMashima D(2022)Robust Anomaly based Attack Detection in Smart Grids under Data Poisoning AttacksProceedings of the 8th ACM on Cyber-Physical System Security Workshop10.1145/3494107.3522778(3-14)Online publication date: 30-May-2022
https://dl.acm.org/doi/10.1145/3494107.3522778

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents